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REMARKS 

Claims 1-20 are pending in the patent application. The 
Examiner has rejected Claims 9, 14 and 17 under 35 USC 112 
as indefinite. By this amendment, the language of Claims 9, 
14, and 17 has been amended to address the rejection. The 
Examiner has also rejected Claims 1, 5, and 9 as indefinite. 
The Examiner states that it is unclear to the examiner how 
the encrypted second key may be decrypted by using only the 
one time password and not also using the first key. 
Applicants respectfully assert that the user only needs the 
second key for decrypting the encrypted version of the data, 
since it was the second key that was used to encrypt the 
data. Applicants believe that the claim language is 
definite. The examiner also states that it is unclear as to 
how the client would not know the value of b. Applicants 
are not claiming that the client would not know the value of 
b, and respectfully assert that the claim language is not 
unclear. 

The Examiner has rejected Claims 1, 3-4, 7-8, 12 and 15 
under 35 USC 103 as unpatentable over the teachings of 
Thomlinson in view of Aziz; Claims 2, 5-6, 13, 16, and 18-19 
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as unpatentable over Thomlinson in view of Aziz and further 
in view of Mi; Claims 9, 14, and 17 as unpatentable over 
Thomlinson in view of Aziz and Jablon; Claims 10 and 20 as 
unpatentable over Thomlinson in view of Aziz and Jablon and 
further in view of Mi; and, Claim 11 as being unpatentable 
over the teachings of Thomlinson in view of Aziz, and Jablon 
and further in view of Schneier. For the reasons set forth 
below, Applicants respectfully assert that all of the 
pending claims are patentable over the cited prior art. 

The present invention is a computer program product and 
method for securely providing data of a content provider to 
a user without trusting an internet service provider. The 
present invention allows secure data transfer between a 
content provider and a user without having the internet 
service provider participate in the security features, such 
that transmitted data is always encrypted. In that way, a 
user could access the internet through any service provider, 
without sharing any security information with the internet 
service provider. Similarly, the content provider could 
securely transmit encrypted data to a trusted user, without 
concern that the internet service provider, or other 
customers of the internet service provider, could access the 
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content provider's data. The security relationship is 
between the content provider and the user and the claims 
expressly recite steps for exchanging encryption keys and 
passwords only between the user and the content provider. 
By the previous amendments, Applicants have ensured that all 
of the claims expressly recite that the content provider is 
not the internet service provider and that the secure 
transmission is done without trusting the internet service 
provider. 

Claims 5-8, 13, 16 and 19 recite a method, program 
storage device and means for securely providing data of a 
content provider through an internet service provider to a 
user at a client machine without trusting an internet 
service provider, wherein the content provider and the 
internet service provider are different entities, the method 
comprising, when the user accesses a web page of the content 
provider, downloading an applet from the content provider to 
the client machine; generating a first key known only to the 
content provider; encrypting a second key using the first 
key and an encryption algorithm requiring a one-time 
password; transmitting the second encrypted key for storage 
at the client machine; and when the user first desires to 
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access the data, the applet requesting the one-time password 
from the user and, based on correct entry of the one-time 
password, decrypting said second encrypted key and accessing 
the data by decrypting an encrypted version of the data at 
the client machine using the second key. Support for the 
added features related to downloading and executing the 
applet is found in the Specification (e.g., at page 6, line 
12, and page 7, lines 3-21) . 

Claims 9-11, 14, 17, and 20, recite a method, program 
storage device and means for authenticating a user at one 
client machine seeking access to secure data of a content 
provider comprising: transmitting g and the identity of 
the user of the one client machine to the content provider 
node, wherein g and a are random numbers and where a is 
known only to the client machine, and where g is known to 
both content provider and the client machine; generating gA 
b, where b is known only to the content provider node; 
encrypting gAb with a one-time password of the user and 
transmitting gAb to the client machine; calculating gA(a*b) 
using the one-time password to decrypt gAb; and transmitting 
g A (a*b) to the content provider, whereby the client 
machine's knowledge of g\(a*b) authenticates the user to the 
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content provider, wherein an encryption key for 
encrypting data to be transmitted from the content provider 
to the client machine and for decrypting the encrypted data 
at the client machine uses gA(a*b) . Support is found in the 
original Specification (see: e.g., page 9). 

The Examiner has rejected all of the pending claims 
using the Thomlinson patent as the primary reference. 
Thomlinson patent is directed to a system and method for 
protecting data wherein the service provider is involved in 
the encryption and authentication process. As expressly 
stated in Col. 2, lines 12-13 of Thomlinson, "encryption is 
based on the user's logon password or some other secret 
supplied during network logon." Applicants contend that the 
security relationship in the Thomlinson patent is not 
between a user and a content provider wherein the content 
provider is a different entity from the service provider. 
Applicants respectfully assert that the present invention 
expressly omits the service provider from the process in 
order to protect data when an untrusted service provider is 
part of the data delivery. 

The Thomlinson system provides a master key which is 
used to encrypt an item key (col. 9, lines 20-22). In turn, 
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at the "client" in Thomlinson, the master key is used to 
decrypt the item key (Col. 10, lines 5-13). Clearly, the 
master key is known to both entities . Applicants have 
amended the claim language, as discussed above, to expressly 
state that the first key (or 'b' in Claims 9, et al) is 
known to the content provider and not to the user. Clearly 
Thomlinson does not teach or suggest that limitation. 

The Examiner concludes that the item key of Thomlinson 
reads on the second key. However, Thomlinson states at Col. 
9, lines 13-27 that "an item key is randomly generated for 
each data item received. . . [and] . . . [t]he data item is 
encrypted with its corresponding item key... using a master 
key." Further, "the master key is encrypted using a code 
that is derived from user authentication." Clearly what 
Thomlinson is teaching is encryption based on user 
identification at logon, using an encryption algorithm which 
was previously determined (see: Col. 8, lines 64-67), and 
assignment of item "keys", which are not encryption or 
decryption keys but are item identifiers that are encrypted 
along with the items. Clearly Thomlinson is not teaching or 
suggesting generating first and second keys as claimed. 
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While in an earlier Office Action, the Examiner 
acknowledged that the Thomlinson patent does not teach or 
suggest storing encrypted second keys at the client, the 
Examiner now cites Col. 9, line 63- Col. 10, line 4 against 
the claimed storing. What the Thomlinson patent teaches in 
the cited paragraph is that the encryption provider gathers 
the relevant data and "returns all of these in a single 
package to the calling application program." Applicants 
respectfully assert that returning information to a program 
at the encryption provider location is not the same as or 
suggestive of transmitting information for storage at the 
client location. 

The Examiner has acknowledged that Thomlinson lacks any 
mention of a one-time password and has cited the Aziz patent 
teachings. However, in the arguments presented at the top 
of page 4 of the Office Action, the Examiner is applying the 
Aziz patent teachings to those of the Mi patent. Applicants 
request clarification of the rejections. Applicants further 
assert that Aziz does not provide those teachings which are 
missing from the Thomlinson patent. Aziz does not teach 
encrypting a second key using a first key and a one time 
password at one entity and then decrypting the second 
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encrypted key using the one time password at the other 
entity. 

With regard to Claims 2 and 6, the Examiner has further 
cited the Mi patent in combination with Thomlinson and Aziz; 
and, in rejecting Claim 10, the Examiner has cited Mi in 
combination with Thomlinson, Aziz and Jablon. The Mi patent 
is directed to a system and method for using an 
internet-based caller ID to control client access to an 
object stored on a server. Under the Mi method, upon 
receipt of a client request, the server generates a DLL file 
407 having a secret key 418 (Col. 7, lines 23-26) and sends 
the DLL file with an applet to the client browser (Col. 7, 
lines 27-33 and 41-44). At the client, the DLL file is 
executed so that the client uses the same secret key 418 
from the DLL file, as well as its processor number 422 which 
is known to the server (Col. 6, lines 56-67) to calculate a 
hash value which is returned to the server (Col. 8, lines 
4-9 and 32-35) . When the server receives the hash value 
from the client, the server's comparison agent calculates a 
hash value, compares it to the received hash value, and 
allows the client access to the data if the two values 
compare favorably (Col. 8, lines 36-44). For each session, 
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the DLL file will contain a different secret key (Col. 7, 
lines 26-27 and Col. 8, lines 49-53) which is known to both 
the server and the client. 

Applicants contend that the resulting combination would 
not obviate the invention as claimed. Since both Thomlinson 
and Mi have a key that is known to both entities, there is 
neither a teaching nor a suggestion of generating and using 
a key that is known to one entity but not known to that 
other. Moreover, neither reference, alone or in combination 
with the additionally-cited art, provides for the accessing 
of data as claimed or the downloading and use of an applet. 
While Mi may have the processor number known to the server, 
Mi does not teach or suggest the use of that information for 
permitting data access only on one client machine. 

With regard to Claims 9, 14 and 17, Applicants disagree 
with the Examiner's conclusion that the claim language is 
obviated by the combination of Thomlinson, Aziz and Jablon. 
Applicants respectfully rely on the arguments set forth 
above with regard to the teachings of the Thomlinson patent, 
alone and in combination with Aziz. The Thomlinson patent 
simply does not teach that a key is known only to one 
entity. Moreover, the teachings cited from the Jablon 
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patent, from Col. 7, lines 16-27, do not provide those 
teachings which are missing from Thomlinson and Aziz. What 
Jablon teaches is that a user creates "the user's hidden 
password, which is maintained as a shared secret and stored 
securely with the host" (see: Col. 7, lines 18-20). 
Therefore, the password is known to both the user and the 
host. Clearly Jablon is not providing the teachings which 
are missing from the Thomlinson and Aziz patents. 

In rejecting Claim 11, the Examiner has also cited the 
Applied Cryptography reference for its teachings regarding 
MAC authentication procedures . Applicants respectfully 
assert that the reference does not provide the teachings 
which are missing from the Aziz, Thomlinson and Jablon 
patents. Moreover, Applicants contend that the Examiner has 
failed to show how the MAC authentication procedures would 
be integrated into the teachings of the combined references. 
The Examiner concludes that "[b]oth client and server 
generate the same key during the authentication procedure so 
the MAC authentication would be an easy way to check 
authenticity without needing security". Applicants disagree 
with the Examiner's conclusion. Moreover, applying a MAC to 
Thomlinson, alone or in combination with the 
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additionally-cited patents, would not result in the 
invention as claimed, since none of the cited references 
teaches or suggests the use of keys not known to the other 
party, etc. 

Applicants respectfully assert that the Examiner has 
not established a prima facie case of obviousness, since the 
Examiner has not provided prior art which teaches or 
suggests all of the claims limitations {In re Wilson, 424 F. 
2d 1382, 165 U.S.P.Q. 494 (C.C.P.A. 1970). 

Based on the foregoing remarks, Applicants respectfully 
re q ues t entry of the amendments, reconsideration of the 
claim language in light of the remarks, withdrawal of the 
rejections, and allowance of the claims. 



Respectfully submitted, 



Y. Baransky, et al 
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